From bc41f0398f081177ebc8036280f935d8bcb7bca0 Mon Sep 17 00:00:00 2001 From: "Paul \"LeoNerd\" Evans" Date: Tue, 21 Apr 2015 20:56:08 +0100 Subject: Initial implementation of an 'invite' power_level --- synapse/api/auth.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'synapse/api') diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 9a5058a364..84a46385bb 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -232,6 +232,13 @@ class Auth(object): elif target_in_room: # the target is already in the room. raise AuthError(403, "%s is already in the room." % target_user_id) + else: + invite_level = self._get_named_level(auth_events, "invite", 0) + + if user_level < invite_level: + raise AuthError( + 403, "You cannot invite user %s." % target_user_id + ) elif Membership.JOIN == membership: # Joins are valid iff caller == target and they were: # invited: They are accepting the invitation -- cgit 1.4.1 From 2808c040ef4070e6a91e2b210383393cc54f66b5 Mon Sep 17 00:00:00 2001 From: "Paul \"LeoNerd\" Evans" Date: Tue, 21 Apr 2015 21:13:14 +0100 Subject: Also remember to check 'invite' level for changes --- synapse/api/auth.py | 1 + 1 file changed, 1 insertion(+) (limited to 'synapse/api') diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 84a46385bb..d8b7614791 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -592,6 +592,7 @@ class Auth(object): ("ban", []), ("redact", []), ("kick", []), + ("invite", []), ] old_list = current_state.content.get("users") -- cgit 1.4.1